
Filter dataset, schema, and tables from access management

This section specifies the datasets, schemas, and tables that are managed for access control by the BigQuery connector. The scope of access management is determined based on the following configuration properties for BigQuery Resources.

Goal

  1. You wish to manage access permissions for a specific dataset and table in BigQuery.
  2. You wish to exclude specific datasets and tables from access management in BigQuery.
  3. You wish to manage access permissions for all tables within BigQuery.

Prerequisites

  1. You have successfully installed Privacera Manager and have the base installation operational.
  2. You have configured the connector for BigQuery or are in the process of doing so.

Configuration Steps

Warning

The values shown below are for example purposes only. Replace them with your actual configuration values.

Update Configuration File

Modify the following properties in the vars.connector.bigquery.yml file located in the connector’s instance directory.

YAML
CONNECTOR_BIGQUERY_MANAGE_PROJECT_LIST: "gcp-project-123"
CONNECTOR_BIGQUERY_MANAGE_DATASET_LIST: "gcp-project-123.analytics_db"
CONNECTOR_BIGQUERY_MANAGE_TABLE_LIST: "gcp-project-123.analytics_db.customer_table, gcp-project-123.analytics_db.finance_*"

CONNECTOR_BIGQUERY_IGNORE_PROJECT_LIST: "gcp-project-111"
CONNECTOR_BIGQUERY_IGNORE_DATASET_LIST: "gcp-project-123.test_db"
CONNECTOR_BIGQUERY_IGNORE_TABLE_LIST: "*.*.test_*"

The MANAGE lists name the objects the connector manages, while the IGNORE lists exclude objects from access management.

The following are the rules for the values you can set:

  1. You can provide a comma-separated list of project, dataset and table names.
  2. You can use * as a wildcard character.
  3. For dataset, the format is <project_id>.<dataset>.
  4. For table, the format is <project_id>.<dataset>.<table>.
  5. The ignore list takes precedence over the manage list. If a project, dataset, or table appears in both lists, it will be excluded.
  6. These entries are case-sensitive.
  7. If you set a MANAGE list value to empty, it will manage all objects of that type. You can use this to manage all objects within a project.
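A preflight check for the rules above, as an added example that is not Privacera's code or the connector's own matching logic. It assumes `*` matches any run of characters and that the project, dataset, and table levels must all pass; the key names are shortened, hypothetical stand-ins and the sample values are constructed from the example configuration.

```python
import re

def _patterns(value):
    """Split a comma-separated property value into trimmed, non-empty patterns."""
    return [p.strip() for p in value.split(",") if p.strip()]

def _in_list(name, value):
    """Case-sensitive match (rule 6); '*' is the only wildcard (rule 2)."""
    for pattern in _patterns(value):
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, name):
            return True
    return False

def is_managed(table_fqn, cfg):
    """Return True if <project_id>.<dataset>.<table> is in scope under cfg."""
    project, dataset, _table = table_fqn.rsplit(".", 2)
    levels = [("PROJECT", project),
              ("DATASET", f"{project}.{dataset}"),
              ("TABLE", table_fqn)]
    # Rule 5: an ignore match at any level excludes the object.
    for kind, name in levels:
        if _in_list(name, cfg.get(f"IGNORE_{kind}_LIST", "")):
            return False
    # Rule 7: an empty MANAGE list manages every object of that type.
    for kind, name in levels:
        manage = cfg.get(f"MANAGE_{kind}_LIST", "")
        if _patterns(manage) and not _in_list(name, manage):
            return False
    return True

# Constructed sample: the example values under shortened, hypothetical keys.
SAMPLE = {
    "MANAGE_PROJECT_LIST": "gcp-project-123",
    "MANAGE_DATASET_LIST": "gcp-project-123.analytics_db",
    "MANAGE_TABLE_LIST": "gcp-project-123.analytics_db.customer_table, "
                         "gcp-project-123.analytics_db.finance_*",
    "IGNORE_PROJECT_LIST": "gcp-project-111",
    "IGNORE_DATASET_LIST": "gcp-project-123.test_db",
    "IGNORE_TABLE_LIST": "*.*.test_*",
}

if __name__ == "__main__":
    for t in ("gcp-project-123.analytics_db.finance_2024",
              "gcp-project-123.analytics_db.test_orders",
              "gcp-project-123.analytics_db.Finance_2024"):
        print(t, "managed" if is_managed(t, SAMPLE) else "not managed")
```

Running a list of sensitive tables through a check like this before applying the configuration shows which ones would fall outside the managed scope.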

Save the file and update Privacera Manager:

Bash
cd ~/privacera/privacera-manager
./privacera-manager.sh update

  1. In PrivaceraCloud, go to Settings -> Applications.

  2. On the Applications screen, select BigQuery.

  3. Enter the application Name and Description, then click Save. The name can be anything you choose, for example, BigQuery Connector for account 123456.

  4. Open the BigQuery application.

  5. Enable the Access Management option using the toggle button.

  6. Under the ADVANCED tab, enter the values for:

    • Datasets to Set Access Control Policies: Specifies a list of comma-separated datasets that PolicySync manages access control to. Wildcards can be used. If no value is set, all datasets are managed.

    • Tables to Set Access Control Policies: Specifies a comma-separated list of table names for which PolicySync manages access control. Use the format <PROJECT_NAME>.<DATASET_NAME>.<TABLE_NAME>. Wildcards can be used.

    • Projects to Ignore While Setting Access Control Policies: Specifies a comma-separated list of project names that PolicySync does not provide access control for. Wildcards are allowed.

    • Datasets to Ignore While Setting Access Control Policies: Specifies a comma-separated list of dataset names that PolicySync does not provide access control for. Wildcards are allowed.

    • Tables to Ignore While Setting Access Control Policies: Specifies a comma-separated list of table names that PolicySync does not provide access control for. Wildcards are allowed.

  7. Click SAVE.

  8. The configured BigQuery connector appears under Applications.

  9. Once saved and enabled, the BigQuery connector will start. You can then hover over the VIEW LOGS button to check the status, either Running or Stopped.

Note

Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart the BigQuery Connector:

  1. Go to Settings > Applications and select the BigQuery connector application.

  2. Edit the application, disable it, and save it.

  3. Open the same application again, then enable it and save it.
